Vulnerability Details CVE-2024-1747
The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.4%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2024-1747
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:-
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:21.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:21.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:21.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:22.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:23.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:24.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:25.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:26.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:27.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:28.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.1
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.2
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.3
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.4
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.5
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.6
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.7
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.8
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:29.9
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.0
-
cpe:2.3:a:vanquish:woocommerce_customers_manager:30.1